Bug 42788

Summary: Bluetooth unplug: Unable to handle kernel paging request
Product: Drivers Reporter: Janusz Krzysztofik (jkrzyszt)
Component: BluetoothAssignee: drivers_bluetooth (drivers_bluetooth)
Status: NEW ---    
Severity: normal CC: basicrules, jhyeon
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 3.3-rc3 Subsystem:
Regression: Yes Bisected commit-id:

Description Janusz Krzysztofik 2012-02-17 00:46:26 UTC
On every unplug of my bluetooth dongle I get something like this:

[  586.896452] usb 1-1: USB disconnect, device number 2
[  586.946409] Unable to handle kernel paging request at virtual address 00200200
[  586.953830] pgd = c0004000
[  586.956953] [00200200] *pgd=00000000
[  586.960700] Internal error: Oops: 8c5 [#1] PREEMPT
[  586.965592] Modules linked in:
[  586.968759] CPU: 0    Not tainted  (3.3.0-rc3 #1)
[  586.973665] PC is at l2cap_chan_destroy+0x38/0x9c
[  586.978524] LR is at l2cap_sock_kill+0x50/0x94
[  586.983100] pc : [<c02d00c4>]    lr : [<c02d2658>]    psr: 60000013
[  586.983155] sp : c186fd28  ip : c104a3a0  fp : c186fd3c
[  586.994777] r10: c123c504  r9 : 00000067  r8 : c1a5d400
[  587.000112] r7 : c123c36c  r6 : c123c480  r5 : c104a200  r4 : c104a200
[  587.006764] r3 : 00100100  r2 : c186e000  r1 : 00100100  r0 : 00200200
[  587.013416] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment kernel
[  587.020863] Control: 0000317f  Table: 11040000  DAC: 00000017
[  587.026724] Process khubd (pid: 187, stack limit = 0xc186e270)
[  587.032676] Stack: (0xc186fd28 to 0xc1870000)
[  587.037177] fd20:                   c186fd64 c104a400 c186fd54 c186fd40 c02d2658 c02d009c
[  587.045549] fd40: c104a200 c104a400 c186fd64 c186fd58 c02d26ac c02d2618 c186fd9c c186fd68
[  587.053917] fd60: c02c8e28 c02d26ac c186e000 c1802200 c111d2e0 00000016 c1a5d400 c1969008
[  587.062288] fd80: c0476214 c04761e4 c195c000 c047fbb0 c186fdb4 c186fda0 c02cc95c c02c8da8
[  587.070663] fda0: c1a5d400 c1969448 c186fdd4 c186fdb8 c02b84dc c02cc924 c02b371c c1a5d400
[  587.079034] fdc0: c1969000 00000338 c186fdf4 c186fdd8 c02b3a54 c02b8474 c1969000 c1969000
[  587.087401] fde0: c1973e00 c0476214 c186fe14 c186fdf8 c02b5e5c c02b3890 00000058 c194b908
[  587.095772] fe00: c1969000 c1960540 c186fe34 c186fe18 c02135dc c02b5dd8 c1973e20 c1973e00
[  587.104143] fe20: c1973e20 c195d800 c186fe5c c186fe38 c01d39e0 c0213560 c186fe5c c1973e20
[  587.112516] fe40: c0476214 c047236c 00000000 c195d868 c186fe74 c186fe60 c018ecec c01d399c
[  587.120888] fe60: c1973e20 c1973e54 c186fe8c c186fe78 c018f410 c018ec78 c1973e20 c187b02c
[  587.129261] fe80: c186feac c186fe90 c018e6a4 c018f3fc c186feac c1973e00 c1973e20 c195d868
[  587.137632] fea0: c186fecc c186feb0 c018c29c c018e5b4 c1973e00 c1973e00 c195d800 00000001
[  587.146004] fec0: c186ff04 c186fed0 c01d1350 c018c198 c018b588 c018b4f4 c186ff04 c195d800
[  587.154371] fee0: 0000001f c195c000 c195c658 00000001 00000003 00000001 c186ff24 c186ff08
[  587.162740] ff00: c01cacb8 c01d12b0 c195c400 c195d800 c18b7200 00000100 c186ffbc c186ff28
[  587.171110] ff20: c01cb6d4 c01cac34 ffffffff c0484248 c186ff64 c186ff40 c003c158 c186ff7c
[  587.179478] ff40: c195c400 00000000 00000001 c186e000 c1961420 c195c400 c195c000 c1961420
[  587.187842] ff60: c195c400 00000000 00000012 00000000 00000000 c185c840 c0036e74 c186ff7c
[  587.196209] ff80: c186ff7c c186ffcc 01000003 00000000 c01cb058 c186ffcc c1829f10 00000000
[  587.204574] ffa0: c01cb058 00000000 00000000 00000000 c186fff4 c186ffc0 c00369e0 c01cb068
[  587.212940] ffc0: c1829f10 00000000 00000000 00000000 c186ffd0 c186ffd0 c1829f10 c0036954
[  587.221304] ffe0: c001fc44 00000013 00000000 c186fff8 c001fc44 c0036964 00000000 00000000
[  587.229603] Backtrace: 
[  587.232278] [<c02d008c>] (l2cap_chan_destroy+0x0/0x9c) from [<c02d2658>] (l2cap_sock_kill+0x50/0x94)
[  587.241582]  r4:c104a400
[  587.244310] [<c02d2608>] (l2cap_sock_kill+0x0/0x94) from [<c02d26ac>] (l2cap_sock_close_cb+0x10/0x14)
[  587.253694]  r4:c104a400
[  587.256421] [<c02d269c>] (l2cap_sock_close_cb+0x0/0x14) from [<c02c8e28>] (l2cap_conn_del+0x90/0x164)
[  587.265898] [<c02c8d98>] (l2cap_conn_del+0x0/0x164) from [<c02cc95c>] (l2cap_disconn_cfm+0x48/0x58)
[  587.275248] [<c02cc914>] (l2cap_disconn_cfm+0x0/0x58) from [<c02b84dc>] (hci_conn_hash_flush+0x78/0xe4)
[  587.284815]  r5:c1969448 r4:c1a5d400
[  587.288629] [<c02b8464>] (hci_conn_hash_flush+0x0/0xe4) from [<c02b3a54>] (hci_dev_do_close+0x1d4/0x340)
[  587.298274]  r5:00000338 r4:c1969000
[  587.302077] [<c02b3880>] (hci_dev_do_close+0x0/0x340) from [<c02b5e5c>] (hci_unregister_dev+0x94/0x1a8)
[  587.311635]  r7:c0476214 r6:c1973e00 r5:c1969000 r4:c1969000
[  587.317642] [<c02b5dc8>] (hci_unregister_dev+0x0/0x1a8) from [<c02135dc>] (btusb_disconnect+0x8c/0xf0)
[  587.327115]  r5:c1960540 r4:c1969000
[  587.330938] [<c0213550>] (btusb_disconnect+0x0/0xf0) from [<c01d39e0>] (usb_unbind_interface+0x54/0x100)
[  587.340587]  r6:c195d800 r5:c1973e20 r4:c1973e00
[  587.345483] [<c01d398c>] (usb_unbind_interface+0x0/0x100) from [<c018ecec>] (__device_release_driver+0x84/0xc4)
[  587.355745]  r8:c195d868 r7:00000000 r6:c047236c r5:c0476214 r4:c1973e20
[  587.362779] [<c018ec68>] (__device_release_driver+0x0/0xc4) from [<c018f410>] (device_release_driver+0x24/0x30)
[  587.373034]  r5:c1973e54 r4:c1973e20
[  587.376817] [<c018f3ec>] (device_release_driver+0x0/0x30) from [<c018e6a4>] (bus_remove_device+0x100/0x118)
[  587.386719]  r5:c187b02c r4:c1973e20
[  587.390562] [<c018e5a4>] (bus_remove_device+0x0/0x118) from [<c018c29c>] (device_del+0x114/0x16c)
[  587.399598]  r6:c195d868 r5:c1973e20 r4:c1973e00
[  587.404509] [<c018c188>] (device_del+0x0/0x16c) from [<c01d1350>] (usb_disable_device+0xb0/0x200)
[  587.413545]  r6:00000001 r5:c195d800 r4:c1973e00
[  587.418489] [<c01d12a0>] (usb_disable_device+0x0/0x200) from [<c01cacb8>] (usb_disconnect+0x94/0x134)
[  587.427988] [<c01cac24>] (usb_disconnect+0x0/0x134) from [<c01cb6d4>] (hub_thread+0x67c/0x10dc)
[  587.436845]  r7:00000100 r6:c18b7200 r5:c195d800 r4:c195c400
[  587.442857] [<c01cb058>] (hub_thread+0x0/0x10dc) from [<c00369e0>] (kthread+0x8c/0x98)
[  587.451055] [<c0036954>] (kthread+0x0/0x98) from [<c001fc44>] (do_exit+0x0/0x6a4)
[  587.458680]  r7:00000013 r6:c001fc44 r5:c0036954 r4:c1829f10
[  587.464596] Code: e280ce1a e59c0004 e59411a0 e59f3058 (e5801000) 
[  587.471237] ---[ end trace 56db5392bae4c40b ]---
[  587.476233] note: khubd[187] exited with preempt_count 1

Trying to bisect it, I found a message like this appeared first at commit 721c41812daf7b38759942563773a7832e3c990d, "Bluetooth: Move L2CAP timers to workqueue". I was able to fix that issue at that commit with an immediate return from l2cap_chan_destroy() on chan == NULL, however, that fix didn't help with 3.3-rc3. I have no resources to investigate it further, as I was experiencing too many transient issues throughout the patch series that commit belonged to.

I'm running on a 150MHz ARM OMAP1 machine.

Thanks,
Janusz
Comment 1 Alan 2012-08-30 14:42:54 UTC
*** Bug 43325 has been marked as a duplicate of this bug. ***
Comment 2 basicrules 2013-08-06 02:58:43 UTC
Got the same error on i686 pc, kernel 3.8.10, 3.10.4.
But with kernel 3.6.10 it was all right!